Update on August Cyberattack against Port of Seattle

Posted on September 16, 2024

The Port of Seattle issued the following statement on the cyberattack impacting its systems:

SEATTLE — Sept. 13, 2024 — On August 24, 2024, the Port of Seattle identified system outages consistent with a cyberattack. It was a fast-moving situation, and Port staff worked to quickly isolate critical systems. Since that time, Port staff have been working around the clock to ensure that our partners and travelers who use our gateways safely and securely reach their destinations and utilize our facilities. This has included engaging with our forensics specialists and actively supporting law enforcement’s investigation of the attacker. It also has included countless hours by Port staff and volunteers to mitigate the impact of the incident. While our response and recovery are still ongoing, we wanted to share updated information about what happened, what we have been doing, and how we are further strengthening our security.

What Happened

This incident was a “ransomware” attack by the criminal organization known as Rhysida. The efforts our team took to stop the attack on August 24, 2024, appear to have been successful. There has been no new unauthorized activity on Port systems since that day. We remain on heightened alert and are continuously monitoring our systems.

It remains safe to travel from Seattle-Tacoma International Airport and use the Port of Seattle’s maritime facilities.

What Was Affected

Our investigation has determined that the unauthorized actor was able to gain access to certain parts of our computer systems and was able to encrypt access to some data. We took steps to block further activities including disconnecting our systems from the internet, but unfortunately, the encryption and our response actions hindered some port services including baggage, check-in kiosks, ticketing, Wi-Fi, passenger display boards, the Port of Seattle website, the flySEA app, and reserved parking. Our team was able to bring the majority of these systems back online within the week, though work to restore some systems like our external website and internal portals is ongoing. Our current operational status is available at our temporary website, https://www.portseattle.org/.

The Port has refused to pay the ransom demanded, and as a result, the actor may respond by posting data they claim to have stolen on their darkweb site. Our investigation of what data the actor took is ongoing, but it does appear that some Port data was obtained by the actor in mid-to-late August. Assessment of the data taken is complex and takes time, but we are committed to these efforts and notifying potentially impacted stakeholders as appropriate. In particular, if we identify that the actor obtained employee or passenger personal information, we will carry out our responsibilities to inform them.

What We Have Done

“From day one, the Port prioritized safe, secure and efficient operations at our facilities. We are continuing to make progress on restoring our systems. The Port of Seattle has no intent of paying the perpetrators behind the cyberattack on our network,” said Steve Metruck, Executive Director of the Port of Seattle. “Paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars. We continue working with our partners to not just restore our systems but build a more resilient Port for the future. Following our response efforts, we also commit to using this experience to strengthen our security and operations, as well as sharing information to help protect businesses, critical infrastructure and the public.”

How We Are Strengthening Our Security

While restoring and rebuilding systems, we have been taking additional steps to enhance our existing controls and further secure our IT environment, including strengthening our identity management and authentication protocols, as well as enhancing our monitoring.

We recognize the inconvenience this incident has caused, and for that, we apologize. Thank you for your understanding and for your patience during this incident.

The Port of Seattle remains committed to operating our aviation and maritime gateways prioritizing safety, efficiency, and security.

For additional status information visit https://www.portseattle.org, as well as Port of Seattle social media channels, including X, Facebook, Instagram, Threads, and YouTube.